After a standard system upgrade you need to restart Thunderbird toeffect the necessary changes.

Please note that Thunderbird 1.0.8 in Ubuntu 5.10 and Ubuntu 5.04 arealso affected by these problems. Updates for these Ubuntu releaseswill be delayed due to upstream dropping support for this Thunderbirdversion. We strongly advise that you disable JavaScript to disable theattack vectors for most vulnerabilities if you use one of these Ubuntuversions.

Details follow:

Various flaws have been reported that allow an attacker to executearbitrary code with user privileges by tricking the user into openinga malicious email containing JavaScript. Please note that JavaScriptis disabled by default for emails, and it is not recommended to enableit. (CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805,CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3810,CVE-2006-3811, CVE-2006-3812)

A buffer overflow has been discovered in the handling of .vcard files.By tricking a user into importing a malicious vcard into his contacts,this could be exploited to execute arbitrary code with the user'sprivileges. (CVE-2006-3084)

The "enigmail" plugin has been updated to work with the newThunderbird version.